The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Iglooftp |
Iglooftp |
0.6.1 |
0.6.1 |
References